Sorry server connection much slower

Unanswered Question
Sep 27th, 2007
User Badges:

I have a CSS configured for server failover in one armed mode on the ouside Interface of PIX firewall.

During failover the secondary server is at DR site, so data path is through PIX to inside network across DS3 to DR PIX DMZ.

The path from PIX through inside network to PIX is encapsulated in a VPN tunnel for security of client information.

The secondary during failover is extremely slow from Internet.

I am thinking there could be an MTU issue and fragmentation.

pinging with "do not fragment" flag set shows only 990 bytes getting through without fragmentation.

Is there anything that can be done on the CSS to help this issue?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Gilles Dufour Fri, 09/28/2007 - 00:23
User Badges:
  • Cisco Employee,

why do you think this is a CSS issue ??

From your information, there is no evidence the css is doing anything wrong.

I would suggest to perform a test from a controlled client, capture sniffer traces at different places and see where the delay is coming from.


wilson_1234_2 Fri, 09/28/2007 - 03:08
User Badges:

I wasn't thinking the CSS was causing the problem, but was asking if there was something that could be done if there is packet fragmentation.

The HQ side server responds normally, the DR on is slow.

I captured a trace from my workstation and can see fragmentation of the packets.


This Discussion